Feature/93 refactor executor interface into multiple interfaces (#94)

Co-authored-by: jp <[email protected]>

Author: MaartendeKruijf

internal/controller/controller.go

@@ -13,7 +13,7 @@ import (
 	"soarca/internal/capability/openc2"
 	"soarca/internal/capability/ssh"
 	"soarca/internal/decomposer"
-	"soarca/internal/executer"
+	"soarca/internal/executors/action"
 	"soarca/internal/fin/protocol"
 	"soarca/internal/guid"
 	"soarca/logger"
@@ -66,9 +66,9 @@ func (controller *Controller) NewDecomposer() decomposer.IDecomposer {
 		}
 	}
 
-	executer := executer.New(capabilities)
+	actionExecutor := action.New(capabilities)
 	guid := new(guid.Guid)
-	decompose := decomposer.New(executer, guid)
+	decompose := decomposer.New(actionExecutor, guid)
 	return decompose
 }
 

internal/decomposer/decomposer.go

@@ -4,7 +4,8 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
-	"soarca/internal/executer"
+
+	"soarca/internal/executors/action"
 	"soarca/internal/guid"
 	"soarca/logger"
 	"soarca/models/cacao"
@@ -15,8 +16,10 @@ import (
 
 type Empty struct{}
 
-var component = reflect.TypeOf(Empty{}).PkgPath()
-var log *logger.Log
+var (
+	component = reflect.TypeOf(Empty{}).PkgPath()
+	log       *logger.Log
+)
 
 type ExecutionDetails struct {
 	ExecutionId uuid.UUID
@@ -32,10 +35,10 @@ func init() {
 	log = logger.Logger(component, logger.Info, "", logger.Json)
 }
 
-func New(executor executer.IExecuter, guid guid.IGuid) *Decomposer {
-	var instance = Decomposer{}
-	if instance.executor == nil {
-		instance.executor = executor
+func New(actionExecutor action.IExecuter, guid guid.IGuid) *Decomposer {
+	instance := Decomposer{}
+	if instance.actionExecutor == nil {
+		instance.actionExecutor = actionExecutor
 	}
 	if instance.guid == nil {
 		instance.guid = guid
@@ -44,10 +47,10 @@ func New(executor executer.IExecuter, guid guid.IGuid) *Decomposer {
 }
 
 type Decomposer struct {
-	playbook cacao.Playbook
-	details  ExecutionDetails
-	executor executer.IExecuter
-	guid     guid.IGuid
+	playbook       cacao.Playbook
+	details        ExecutionDetails
+	actionExecutor action.IExecuter
+	guid           guid.IGuid
 }
 
 // Execute a Playbook
@@ -129,59 +132,22 @@ func (decomposer *Decomposer) ExecuteStep(step cacao.Step, scopeVariables cacao.
 	variables.Merge(step.StepVariables)
 
 	switch step.Type {
-	case "action":
-		return decomposer.ExecuteActionStep(step, variables)
+	case cacao.StepTypeAction:
+		actionMetadata := action.PlaybookStepMetadata{
+			Step:      step,
+			Targets:   decomposer.playbook.TargetDefinitions,
+			Auth:      decomposer.playbook.AuthenticationInfoDefinitions,
+			Agent:     decomposer.playbook.AgentDefinitions[step.Agent],
+			Variables: variables,
+		}
+		metadata := execution.Metadata{
+			ExecutionId: decomposer.details.ExecutionId,
+			PlaybookId:  decomposer.details.PlaybookId,
+			StepId:      step.ID,
+		}
+		return decomposer.actionExecutor.Execute(metadata, actionMetadata)
 	default:
 		// NOTE: This currently silently handles unknown step types. Should we return an error instead?
 		return cacao.NewVariables(), nil
 	}
 }
-
-// Execute a Step of type Action
-func (decomposer *Decomposer) ExecuteActionStep(step cacao.Step, scopeVariables cacao.Variables) (cacao.Variables, error) {
-	log.Debug("Executing action step")
-
-	agent := decomposer.playbook.AgentDefinitions[step.Agent]
-	returnVariables := cacao.NewVariables()
-
-	for _, command := range step.Commands {
-		// NOTE: This assumes we want to run Command for every Target individually.
-		//       Is that something we want to enforce or leave up to the capability?
-		for _, element := range step.Targets {
-			target := decomposer.playbook.TargetDefinitions[element]
-			// NOTE: What about Agent authentication?
-			auth := decomposer.playbook.AuthenticationInfoDefinitions[target.AuthInfoIdentifier]
-
-			meta := execution.Metadata{
-				ExecutionId: decomposer.details.ExecutionId,
-				PlaybookId:  decomposer.playbook.ID,
-				StepId:      step.ID,
-			}
-
-			_, outputVariables, err := decomposer.executor.Execute(
-				meta,
-				command,
-				auth,
-				target,
-				scopeVariables,
-				agent)
-
-			if len(step.OutArgs) > 0 {
-				// If OutArgs is set, only update execution args that are explicitly referenced
-				outputVariables = outputVariables.Select(step.OutArgs)
-			}
-
-			returnVariables.Merge(outputVariables)
-			scopeVariables.Merge(outputVariables)
-
-			if err != nil {
-				log.Error("Error executing Command")
-				return cacao.NewVariables(), err
-			} else {
-				log.Debug("Command executed")
-			}
-		}
-	}
-
-	return returnVariables, nil
-}

internal/executer/executer.go

@@ -0,0 +1,119 @@
+package action
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"soarca/internal/capability"
+	"soarca/logger"
+	"soarca/models/cacao"
+	"soarca/models/execution"
+)
+
+var component = reflect.TypeOf(Executor{}).PkgPath()
+var log *logger.Log
+
+func init() {
+	log = logger.Logger(component, logger.Info, "", logger.Json)
+}
+
+func New(capabilities map[string]capability.ICapability) *Executor {
+	var instance = Executor{}
+	instance.capabilities = capabilities
+	return &instance
+}
+
+type PlaybookStepMetadata struct {
+	Step      cacao.Step
+	Targets   map[string]cacao.AgentTarget
+	Auth      map[string]cacao.AuthenticationInformation
+	Agent     cacao.AgentTarget
+	Variables cacao.Variables
+}
+
+type IExecuter interface {
+	Execute(metadata execution.Metadata,
+		step PlaybookStepMetadata) (cacao.Variables, error)
+}
+
+type Executor struct {
+	capabilities map[string]capability.ICapability
+}
+
+func (executor *Executor) Execute(meta execution.Metadata, metadata PlaybookStepMetadata) (cacao.Variables, error) {
+
+	if metadata.Step.Type != cacao.StepTypeAction {
+		err := errors.New("the provided step type is not compatible with this executor")
+		log.Error(err)
+		return cacao.NewVariables(), err
+	}
+	returnVariables := cacao.NewVariables()
+	for _, command := range metadata.Step.Commands {
+		// NOTE: This assumes we want to run Command for every Target individually.
+		//       Is that something we want to enforce or leave up to the capability?
+		for _, element := range metadata.Step.Targets {
+			// NOTE: What about Agent authentication?
+			target := metadata.Targets[element]
+			auth := metadata.Auth[target.AuthInfoIdentifier]
+
+			outputVariables, err := executor.ExecuteActionStep(
+				meta,
+				command,
+				auth,
+				target,
+				metadata.Variables,
+				metadata.Agent)
+
+			if len(metadata.Step.OutArgs) > 0 {
+				// If OutArgs is set, only update execution args that are explicitly referenced
+				outputVariables = outputVariables.Select(metadata.Step.OutArgs)
+			}
+
+			returnVariables.Merge(outputVariables)
+
+			if err != nil {
+				log.Error("Error executing Command ", err)
+				return cacao.NewVariables(), err
+			} else {
+				log.Debug("Command executed")
+			}
+		}
+	}
+	return returnVariables, nil
+}
+
+func (executor *Executor) ExecuteActionStep(metadata execution.Metadata,
+	command cacao.Command,
+	authentication cacao.AuthenticationInformation,
+	target cacao.AgentTarget,
+	variables cacao.Variables,
+	agent cacao.AgentTarget) (cacao.Variables, error) {
+
+	if capability, ok := executor.capabilities[agent.Name]; ok {
+		command.Command = variables.Interpolate(command.Command)
+
+		for key, addresses := range target.Address {
+			var slice []string
+			for _, address := range addresses {
+				slice = append(slice, variables.Interpolate(address))
+			}
+			target.Address[key] = slice
+		}
+
+		authentication.Password = variables.Interpolate(authentication.Password)
+		authentication.Username = variables.Interpolate(authentication.Username)
+		authentication.UserId = variables.Interpolate(authentication.UserId)
+		authentication.Token = variables.Interpolate(authentication.Token)
+		authentication.OauthHeader = variables.Interpolate(authentication.OauthHeader)
+		authentication.PrivateKey = variables.Interpolate(authentication.PrivateKey)
+
+		returnVariables, err := capability.Execute(metadata, command, authentication, target, variables)
+		return returnVariables, err
+	} else {
+		empty := cacao.NewVariables()
+		err := errors.New(fmt.Sprint("capability: ", agent.Name, " is not available in soarca"))
+		log.Error(err)
+		return empty, err
+	}
+
+}